Tamper-evident and/or tamper-resistant electronic components

ABSTRACT

A tamper-evident and/or tamper-resistant electronic module comprising an electronic component embedded in an encapsulant material and at least one thin sheet of frangible material contacting and overlying said encapsulant material and overlying said component, said sheet being sufficiently thin that it is likely to crack or break if an attempt is made to drill or cut through it with a laser drill.

TECHNICAL FIELD

[0001] This invention relates to tamper-evident and/or tamper-resistantelectronic components, and to ways of making them, and to applicationsfor such components. It is especially, but not exclusively, concernedwith electronic components which store or provide data or information.

[0002] Tamper-evident means that it is possible to tell that an attemptto subvert the electronic component, to tamper with it, has been made,preferably that it is relatively easy to tell that a tamper attempt hasbeen made. The attempt to tamper may or may not be successful: but atamper-evident device will have its integrity questioned if it showssigns of tampering. Tamper-resistant means that the component isdifficult to tamper with, or that it has been designed to resisttampering in at least one way. Neither tamper-evident nortamper-resistant mean that a component cannot be tampered with.

[0003] The invention has arisen out of the area of timestamping anelectronic document with a time in such a way that there is a highdegree of confidence that the document was really timestamped at theindicated time and that the time has not been forged. Since theinvention arose from such considerations it will be described in thatcontext, but it will be appreciated that it has wider applicability toother areas where it is desired to provide a tamper-evident and/ortamper-resistant component, circuitry, or device.

BACKGROUND ART

[0004] It is known in the field of timestamping documents to send adigest or fingerprint of document to be timestamped over the internet toa Trusted Clock—a clock whose integrity can be relied upon (for examplerelied upon in a court of law). The Trusted Clock then timestamps thedigest, crypotographically digitally signs the digest (for example byproducing a hash or second digest of the document digest plus time stampand then encrypting it) and sends the signed and hashed fingerprint ordocument/digest, back over the internet to the person who requested thatthe digest be signed. The signing process typically involves encryptingdata, often using the PKI infrastructure. Thus the signature, and theevidential reliability of the document and timestamp are time-limited towhen the cryptographic keys time expire in reliability (theCertification Authority typically puts a limit on the time for whichthey say their keys are safe, before they cannot be certain enough thatsomeone could not decrypt encrypted messages without the key). This mayresult in the need to have a timestamped signed digest timestamped andsigned again, using newer encryption keys before the expiry of the olderencryption certificate keys.

[0005] This need, and the general rise in Internet traffic, and the riseand projected rise in the requirement to timestamp documents or digestsof documents with a reliable time, means that there is likely to beincreasingly large demands on the Internet telecommunication pathways,and upon the usage of Trusted Clocks.

[0006] Documents or digests of documents that are timestamped need notbe share trades, tenders for tendered work, or other “high level”sensitive document digests, but are increasingly more mundane thingssuch as a digest of the log of when a monitored door is opened andclosed, and who opened and closed it (eg secure doors requiring swipecards or other user identification means). Connecting a doorsensor/actuator to the Internet can be expensive and awkward, as canconnecting other sensor/or control devices to the Internet.

[0007] It is known for people to try to determine the structure andoperational capabilities, and software used, in someone else'smicrochip, or printed circuit board (PCB) in order to break the law Forexample in order to bypass security provisions in order to perpetratecriminal activities such as industrial espionage, or even fraud ortheft. Internet fraud and computer hacking is a growing problem. Bankfraud and the breaching of the security of computer systems is a growingproblem. In some cases changing the time on an electronic record, e.g.putting the clock back, can be used in fraud. For example such“spoofing” of systems can mislead third parties into trusting somethingthey should not trust. It is undesirable to have anyone subverting thefunction of an electronic device in an undetected manner.

[0008] It is known to encase microchips, PCB's or other electronicdevices in a polymer matrix to hinder their physical inspection. It isknown to shield electronic components electromagnetically in order toprevent the leakage of electromagnetic radiation out from a device (theleaking out of information), and to prevent a device being subjected toincoming e.m. radiation, e.g. probing a device with a prompt and seeingwhat its responses are, in order to deduce things about the device.

DISCLOSURE OF THE INVENTION

[0009] It is an aim of at least one embodiment of the invention toreduce the need for Internet usage in order to access a Trusted Clock.

[0010] It is an aim of at least one embodiment of the invention toprovide a tamper-evident and/or tamper-resistant electronic component.

[0011] It is an aim of another embodiment of the invention to provide aTrusted Clock, or a Trusted data store.

[0012] According to one embodiment the invention comprises atamper-evident and/or tamper-resistant electronic module having anelectronic component, an encapsulant, and a tamper-evident tell-tale,the electronic component being embedded in the encapsulant and theencapsulant being associated with the tell-tale, and wherein thetell-tale is adapted to have a normal condition and a compromisedcondition and is adapted to undergo a one-way change from its normalcondition to its compromised condition if it experiences physicalconditions that are outside of allowable operational conditions, thecompromised condition of the tell-tale being detectably different fromthe normal condition of the tell-tale; and wherein the change incondition of the tell-tale is causeable by at least one of: (i) lightlevels that are higher than an allowable intensity; (ii) a thermalgradient in said tell-tale above a permissable level; (iii) thetemperature of the tell-tale rising above a permissable level; or (iv)mechanical stress in the tell-tale being above a permissable level.

[0013] Thus if the tell-tale is exposed to undesirable conditions it ispossible to determine this after the event. Preferably the tell-tale hasits compromised condition such that the difference between compromisedand normal conditions can be identified readily by the naked eye.

[0014] Preferably the tell-tale comprises a thin sheet of frangiblematerial which cracks or breaks when exposed to the non-permissablephysical conditions. The tell-tale may comprise a sheet of glass,preferably untoughened glass, preferably pre-stressed glass adapted tobreak into many pieces, or have many cracks, if it experiencesimpermissable conditions. A surface, possibly a generally planar surfaceof the electronic component may be protected by a unitary or singlesheet of frangible material, at least at a certain distance from thecomponent.

[0015] Preferably the tell-tale is adapted to indicate an attack on themodule by a laser beam. Preferably the tell-tale is adapted to fractureif a laser beam powerful enough to drill through the encapsulant isdirected onto it.

[0016] The module may comprise a tamper-resistant element. Thetamper-resistant element may be the tamper-evident tell-tale.

[0017] Preferably the encapsulant is an optically absorbing colour, suchas black. The encapsulant may be a solid material, such as asolidifiable polymer. A suitable material is epoxy polymers.

[0018] The sheet of frangible material may be coloured, for example itmay be a dark colour. The sheet of frangible material may have athickness of about {fraction (3/1000)} of an inch. The sheet thicknessmay be: less than {fraction (1/1000)} of an inch; about {fraction(1/1000)} of an inch or less, {fraction (5/1000)} of an inch or less,{fraction (1/100)} of an inch, {fraction (3/100)} of an inch, {fraction(5/100)} of an inch, {fraction (10/100)} of an inch, {fraction (20/100)}of an inch or more, or within a range defined between any two points inthe aforesaid list. A thickness in a range of {fraction (1/1000)} to{fraction (10/1000)} of an inch is preferred, most preferably {fraction(3/1000)} inch ±{fraction (2/1000)} inch, or {fraction (3/1000)} inch−{fraction (8/1000)} inch.

[0019] The encapsulant may be in the form of a layer, which layer mayhave a depth that is about, or at least, 2, 5, 10, 50, 100, 500, ormore, times thicker than a tell-tale sheet.

[0020] Preferably the tell-tale sheet extends over substantially thewhole of the plan area of the electronic component. Preferably there istell-tale above and below the electronic component, and preferably tosubstantially all sides of it.

[0021] The electronic component may be a printed circuit board (PCB).The module may comprise a generally flat elongate body, which may begenerally rectangular. There may be a PCB, or other electroniccomponent, sandwiched between layers of encapsulant, which encapsulantlayers are themselves sandwiched between tell-tale layers. The tell-talelayers are preferably frangible sheets, preferably of glass, and asingle frangible sheet may extend over substantially the whole of theplan area of the component/PCB.

[0022] The tell-tale sheet(s) may have a diffusive structure adapted tohinder the transmission of a focused, collimated, laser beam. Thediffusive structure may comprise a roughened, non-smooth, layer. Thismay be an etched, ground, or frosted layer or surface. Such layers candiverge or scatter a parallel laser beam, reducing the energy density inthe encapsulant, and possibly increasing the heating in the tell-talelayer. Such diffusive capability comprises tamper-resistance.

[0023] The tell-tale sheet may have a mirror or reflective surface. Thismay reflect a laser beam, or substantially reflect it, thereby reducingthe intensity of light that reaches the encapsulant, and possiblyincreasing the heating in the tell-tale layer. This may be bothtamper-resistant and enhance tamper-evidence.

[0024] The mirrored or reflective surface and/or the diffusive surfaceneed not necessarily be part of the frangible sheet. They could beprovided on other structures, preferably underlying the frangible sheet.

[0025] The electronic component, or PCB, may comprise a clock. Thetamper-evident and/or tamper-resistant module may comprise a TrustedClock.

[0026] The module may have an overlayer of masking material covering thetell-tale. The masking material may comprise an encapsulant, possibly ofthe same material as that which contacts the electronic component.

[0027] The encapsulant and/or masking material may have an identifiablechemical, or physical, signature, possibly due to the addition ofsignature compounds or microparticles: the addition of signaturematerial. This can make it difficult for someone to remove theencapsulant or masking material, compromise the electronic component,and apply new masking material or encapsulant. They would have to matchthe material signature closely enough to fool chemical and/or physicalanalysis for this to be undetectable.

[0028] According to a second aspect the invention comprises a computingdevice having a tamper-evident and/or tamper-resistant module inaccordance with the first embodiment of the invention.

[0029] Preferably the computing device is from the group: PC; server.Preferably the tamper-evident and/or tamper-resistant module comprises atrusted clock.

[0030] Instead of a continuous sheet of frangible material there couldbe a serpentine, meandering, or convoluted path which may be broken ifit is hit with a laser or drill. This may be a path doped into a carriersheet (eg of silica, silicon or glass). Instead of being able to detectan attack visually using the unaided eye, the integrity of the tell-talelayer could be established by monitoring in some other way, for exampleby passing light or electricity along a pathway and detecting if thepathway is damaged or not present. Visual inspection is the preferredoption.

[0031] According to another aspect the invention comprises a method ofdetecting that an attempt to compromise an electronic component has beenmade comprising protecting the electronic component with a thin sheet offrangible material, the sheet being sufficiently thin that it cracks orbreaks if an attempt to drill through it or cut through it is made.

[0032] Preferably the method comprises using a thin sheet of glass toindicate tampering. Preferably the method comprises using glass that isthin enough and stressed enough to shatter if it is stressed beyond apermissable level.

[0033] The method may comprise using a diffusive material to protect thecomponent from a laser beam, the diffusive material in use diverging alaser beam so as to reduce the spatial energy intensity.

[0034] The sheet of frangible material may be treated so as to cause itto be diffusive. The treatment may be from the list: etching, grinding,roughening.

[0035] The method may comprise using a reflective surface to protect theelectronic component from a laser beam attack. The reflective surfacemay be associated with the frangible sheet, e.g. coated on it. Thefrangible sheet may have a reflective surface and a diffusive surface.The method may comprise covering the sheet of frangible material with amasking layer.

[0036] According to another aspect the invention comprises a method ofproviding a trusted data output from a trusted electronic component, themethod comprising: providing a tamper-evident and/or tamper-resistantelectronic module in accordance with the first aspect of the inventionand checking that said module has not been tampered with, the dataoutput from said module during the period when the module has not beentampered with comprising trusted data.

[0037] Preferably the method comprises providing a trusted clock moduleas the tamper-evident and/or tamper-resistant module and the trusteddata comprises a timestamp.

[0038] According to another aspect the invention comprises a method oftimestamping a document, digest of a document, or data comprising usinga tamper-evident and/or tamper-resistant trusted clock module inaccordance with the first aspect of the invention.

[0039] According to another aspect the invention comprises a method ofmanufacturing a tamper-evident and/or tamper-resistant electronic modulecomprising the steps of taking an electronic component and at least onesheet of frangible material that is sufficiently thin that it is likelyto crack or break if an attempt is made to drill or cut through it witha laser drill when said module is made, and encapsulating said componentand said sheet in encapsulant material.

[0040] The encapsulant may be a dark colour (e.g. black, blue, red) andthe method includes the step of obscuring from view said sheet withencapsulant.

[0041] According to another aspect the invention comprises a sheet offrangible material for use in providing tamper-evidence and/or tamperresistance, said sheet having a diffusive layer adapted in use todiffuse a laser beam, and also a reflective layer adapted in use toreflect a laser beam.

[0042] Preferably the sheet is a sheet of glass having a thickness ofnot more than about {fraction (5/100)} inch and having an etched surfacecomprising said diffusive layer, and a metallised surface comprisingsaid reflective layer.

BRIEF DESCRIPTION OF THE DRAWINGS

[0043] Embodiments of the invention will now be described by way ofexample only, with reference to the accompanying drawings, of which:

[0044]FIG. 1 shows a tamper-evident electronic data storing or dataproviding device in accordance with the invention;

[0045]FIG. 2 shows the device of FIG. 1, in this example in the form ofa PCI card, or card-equivalent, being introduced into a PC;

[0046]FIG. 3 shows schematically a PCB protected using the presentinvention;

[0047]FIG. 4 shows variant similar to that of FIG. 3;

[0048]FIGS. 5A to 5F show different glass sheets that can be used in theinvention;

[0049]FIG. 6 shows a PCB suitable for protection using the presentinvention;

[0050]FIG. 7A and 7B schematically shows the PCB of FIG. 6 protectedusing the invention;

[0051]FIG. 8 shows schematically a preferred embodiment of theinvention;

[0052]FIG. 9A to 9C shows other techniques for achieving the invention;

[0053]FIG. 10 shows another preferred embodiment of the invention;

[0054]FIG. 11 illustrates schematically a way of making the embodimentsof FIGS. 8 and 10, and apparatus for making them; and

[0055]FIGS. 12A and 12B show respectively an uncompromised PCI card andin accordance with the invention and a PCI card that has been attackedwith a laser drill.

DETAILED DESCRIPTION OF THE INVENTION

[0056]FIG. 1 shows a Trusted Clock PCI card 10 for a computer, such as apersonal computer 12 shown in FIG. 2. The card 10 is a half-width PCIcard having a plurality of connectors 14 projecting from a glass-cladpolymer matrix body 16.

[0057] The card 10 is about 6 inches×4 inches×½”. It has, as shown inFIG. 3, a printed circuit board 18 which carries electronic componentssuch as clock-associated microprocessors 20, 22, a battery 24, andassault sensors 26 and 28. The card 10 also has a thin glass upper sheet30 and a thin glass lower sheet 32. The glass of the sheets 30 and 32 isuntoughened stressed glass which cracks or shatters when subjected totoo much stress or strain. The glass sheets 30 and 32 are in thisexample about {fraction (3/1000)} of an inch thick and face the polymermatrix body 16, with the glass and polymer matrix in intimate face toface contact. The body 16 is made of a black epoxy polymer material 34such as may be commonly used in the electronics industry as an adhesivefor electronic components. The matrix material 34 of the body 16 carriesa chemical marker or signature: a substance present, often addedspecifically, to aid recognition of the matrix material in tests. Morethan one chemical marker may be present in the matrix material.

[0058] The PCB 18 also carries a digital signer chip 36, or the chips20, 22 can provide a digital signature function.

[0059] In use of the card 10 the computer 12 sends via the connectors 14a digest, hash, or fingerprint of a document to be timestamped to thecard 10, (which document may itself be a hash or digest of a largerdocument) and the clock chips 20, 22 associate a time derived from theirclock function with the document, and the digital signer 36 signs thetimestamped document digest. The signed timestamped document digest, orhash, may be stored on a memory chip (not shown) on the PCB, and/or maybe output back to the PC via the connectors 14, preferably after firstbeing encrypted.

[0060] The clock of the PCI 10 cannot be altered either (i) at all, or(ii) by unauthorised instructions. The PCI is tamper-evident because ofits thin glass sheets. If the veracity of the timestamp applied todocuments by the PCI 10 is to be established a trusted person, who maybe the supplier of the PCI card, physically inspects the card for signsof tampering.

[0061] One way of tampering with a PCB or PCI card is to drill into thePCI card and interfere with the circuitry and/or chips on the card.Drills which could be used include mechanical drills, laser beams, andion beams.

[0062] The inspecting person looks for signs of discoloration, cracking,or damage to the glass sheets 30 and 32. If an optical laser drill isused the laser beam initially passes straight through the opticallyclear glass sheet 30 or 32, but strikes the optically absorbent matrixmaterial 34 (usually black or other dark colour such as brown, blue,red, etc.) which is in physical and thermal contact with the glass sheetover their interface. The matrix material gets hot as it is burned awayby the laser beam and heat is conducted into the glass sheet. The suddenand sharp temperature change in a localised region of the glass sheetcauses thermal stress and causes the glass sheet 30 or 32 to shatter orcrack, or at least be marked, thereby rendering the device visiblydistinct from unattacked devices.

[0063] A further physical effect which causes cracking of the glass isthat as the matrix material 34 is vaporised by the laser beam a plasmaor gas is produced which exerts a pressure on the glass above it, andthis pressure can break, crack, or mark the glass: it need not be thethermal shock that is the cause of the glass breaking.

[0064] The PCI card 10 of FIGS. 1 and 3 may be as previously describedwith a glass sheet as its outer surface, or it may be as shown in dottedoutline in FIG. 3 and may have an outer shell or layer 38 of encapsulantmatrix material, such as epoxy resin matrix, probably with a chemicalsignature marker(s)

[0065] It will be appreciated that by encapsulating the PCI card 10 inencapsulant matrix material it is even harder for an attack on theintegrity of the card to be made without it being evident afterwards. Ifsomeone uses a solvent, or other means, to remove some or all of thematrix material in a region they would have to try to replace thatmatrix material afterwards, and providing the new matrix material withthe correct chemical signature would be very difficult. A person testingfor assaults on the card 10 could take a sample, or several or manysamples of matrix material from different places on the body 16 andcheck that they had the correct chemical signature.

[0066] Someone checking that the card 10 has not been tampered withcould destroy the card in the process. Someone trying to tamper with thecard undetected cannot afford to do this. In the model where the ownerof the device loans the device to a customer (for payment typically),they will know which customer allowed an attack on their device to takeplace when they inspect the device. Customers with bad histories couldbe denied access to devices.

[0067] A mechanical drill attack on the glass plate 30 or 32 is alsolikely to fracture it/be readily detectable. Mechanical and/or thermalstresses will be set up and these can cause the glass to be visuallydifferentiated from unstressed glass.

[0068]FIG. 4 shows another embodiment. In this example the PCB board 18is asymmetrically disposed between the upper and lower glass sheets 30and 32. This can make it more unpredictable for an attacker to determinehow deep they have to drill to get to the board. The epoxy encapsulantmatrix 34 is opaque and so they cannot see the board using opticallight. The glass may be transparent, or coloured.

[0069]FIG. 5A shows the sheet glass used in the embodiments of FIGS. 1,3 and 4. This glass is about {fraction (3/1000)} inch pre-stresseduntoughened glass, with a propensity to crack, and preferably apropensity to crack a lot/shatter into many small pieces if it breaks.This can aid the immediate visual realisation that the glass hasbroken/been interfered with.

[0070]FIG. 5B illustrates another feature of some embodiments of theinvention, and shows a sheet of pre-stressed untoughened glass 40 havinga smooth surface 42 and a roughened, unsmooth, surface 44. The unsmoothsurface 44 is in this example an etched surface. It may be etched usingchemicals (e.g. HF acid), or mechanically (e.g. sandblasted or ground).An advantage of having an etched/rough surface is that it diffuseslight, reducing the power density of any laser beam that propagatesthrough it, and thereby reducing the effectiveness of the drillingoperation of a laser beam and increasing the local heating in thevicinity of the glass/matrix interface at the region where a laser beamimpacts the glass. This provides tamper-resistance, and may increasetamper-evidence.

[0071] The glass sheet 40 could be disposed relative to the PCB so as tohave its diffusing surface facing the PCB (on the inside of the PCIcard). This makes it impossible to grind or polish the diffusive surfaceflat before using a laser drill. Alternatively, the diffusive surfacemay be facing outwards. This may make it easier to see glass/matrixinterface markings/visual signs of tampering, for example if the roughsurface is polished flat during the tamper-free verification process. Atampering person may not realise that they have marked the glass/matrixinterface. Again in the preferred embodiment the glass is thin enough toshatter if a laser is used to drill through matrix material beneath it.

[0072]FIG. 5C shows a sheet of glass 46 which is diffusive at both ofits surfaces (e.g. etched, ground, frosted, sandblasted etc).

[0073]FIG. 5D shows another sheet of glass, sheet 48, which can be usedin the invention. This time the glass has a mirrored surface 50. Thiswould usually be adjacent the matrix, near to the PCB, but it could beon the outside of the glass layer, facing away from the PCB. Themirrored surface is to reflect laser light, substantially preventing thelaser beam from penetrating to the encapsulant matrix material, orreducing the intensity of light that reaches the encapsulant/matrixmaterial. This provides a degree of tamper-resistance.

[0074] Reflecting light back into the glass sheet may also cause thesheet to absorb more light, and possibly thermally expand locally,breaking or cracking the glass. This may provide greatertamper-evidence.

[0075] The sheet 48 could have a mirror coating on both of its surfaces.This may also result in the glass heating locally and/or reduce thetransmission of laser light.

[0076]FIG. 5E shows a sheet of glass 52 which has a diffusive surface 54on one side and a mirror coating 56 on the other side. The diffusivesurface scatters, defocuses, and dissipates the intensity of an incidentlaser beam, and the mirror layer 56 reflects substantially all of thelaser light back. These two effects make it very difficult to drill asmall hole in the encapsulant matrix material, which is opaque to thelaser light, beneath the glass without overheating the glass andcracking or otherwise marking it.

[0077]FIG. 5F shows another possibility in which a glass sheet 58 has adiffusive surface 60 which itself has applied to it a mirror coating 62.The diffusive surface can be “hidden” or protected beneath the uppersurface, referenced 64, of the sheet and cannot be polished flat fromthe outside.

[0078] Suitable mirror finishes could be mercury based layers, orchromium-based layers, or metallic paints.

[0079] It will also be appreciated that instead of/as well as mirrorlayers 50, 56, 62, it is possible to have absorbent layers associatedwith the glass (e.g. an absorbent paint layer). These may not benecessary since the epoxy encapsulant is typically a black, opticallyabsorbent, material. If for some reason the encapsulant matrix materialwere not strongly absorbent enough an absorbent layer may be provided.This could absorb laser light, get hot, and cause the glass to break.

[0080]FIG. 6 shows details of an alternative PCB board 118 to beprotected in accordance with the invention. The board 118 has a TrustedClock chip 120, a battery 124, board interference sensors 126, 127, 128,a signal injector 129, a PIC chip 122 and an output only line 130. Thereare no external inputs to the PCB 118: it simply sends out a timestampsignal via line 130. It may do this periodically, e.g. once everysecond, or every minute, or for example, every {fraction (1/100)} of asecond. Alternatively there may be an input to the chip 130, referenced132, for example in order to correct its clock for drift.

[0081] Sensor 126 is a temperature sensor, such as a thermister. Thissenses the temperature at the chip and either provides that to the PICchip 122 which determines whether it is within allowable bands, orcompares the signal from sensor 126 with a reference temperature signaland checks that they are close enough, within an allowable range. Thiscan detect overheating (e.g. due to laser attack), or cooling (e.g. subzero ° C. cooling). Sensor 127 is a vibration sensor and/or orientationsensor (possibly an electronic gyroscope) which sends signals to thechip 122 which checks if untoward vibration and/or re-orientating of thePCB has taken place. Sensor 128 is a power supply sensor which sensesthe power supply to the chip 120 and/or chip 122 and provides signalsindicative of power supply characteristics to the chip 112 which usesthem, possibly in combination with a reference power supply signal, todetermine whether the power supply to chip 120 and/or itself is beingaltered or perturbed. Signal injector 129 generates known signals ofknown characteristics, and introduces them to parts of the PCB. Thoseknown generated signals are fed back to the chip 122 where a comparatorcompares the injected signals with the returned signals and if the matchis not what was expected this is indicative of a problem, and that theTrusted Clock may have been compromised and is unsafe. The injectedsignals may constitute guard signals transmitted over a guard network orguard wire where breaking the wire (e.g. with a drill) blocks thetransmission of the guard signals. Alternatively or additionally theinjected signals may be injected into the chip 120 itself and may beinfluenced by attacks on the clip 120. The injected, or guard, signalsmay be a fluctuating signal which changes rapidly in a known way. Forexample it may be a digital signal that is altered thousands of times asecond.

[0082] It will be appreciated that upon detection of a non-allowableevent the chip 122 may instruct the Trusted Clock chip 120 not toproduce any more time signals, and/or it may emit an alarm signal,and/or it may note the event in an internal memory, a memory on the PCB,or an external memory (or it may record the event in more than onememory). The alarm signal may be transmitted via output 130, or possiblyvia a wireless alarm emitter provided on the PCB 118.

[0083]FIG. 7A shows an electronic component 140 that is to betamper-evident-protected surrounded by an encapsulant 142, and having asheathing 144 of thin frangible material to form a tamper-evident body145. The sheathing 144 comprises a top sheet 146, a bottom sheet 148 andside sheets 150 (only one of which is shown). In this example edgeportions 152 of the sheet 150 overlie edge portions 154 of the top andbottom sheets. In the arrangement of FIG. 7B it is the other way round:edge portions 154 of the top and bottom, main facing, sheets overlie andcover the edge portions 152 of the end/side sheets 150. Of course, theside sheets 150 could overlie the edge regions of one of the facingsheets 146, 148 and underlie the edge region of the other. It will beappreciated that the body 145 is covered at all of its surfaces with thethin frangible material. This frangible material could be glass asotherwise described, or some other material that is liable to crack orbreak when attacked by a drill or other cutting tool.

[0084] It will also be appreciated that although we have discussed thetamper-evident sheet material cracking to provide a visualtamper-evident signal some other tamper-evident signal could be providedinstead of this, or as well as this. For example, there may be a changeof colour. There may be a change of non-visual properties (i.e. visuallyinspecting a device to see if it has been tampered with is the preferredoption, but it is not the only one). The electrical conductivity of atell-tale structure (e.g. sheet or net) may be altered by an attempt tocompromise the electronic device that is protected, or the opticaltransmissivity or reflectivity, or absorption characteristics of thetell-tale may be altered by the attack.

[0085]FIG. 8 shows a preferred embodiment of the invention in which atamper-evident electronic component module 159 comprises a PCB 160encapsulated in black epoxy resin 162 which is bonded to thin sheets ofglass facing 164, 166, 168, 170, comprising tell-tale indicia. Each ofthe sheets of glass has an inner face 172 which has a mirror layer 174,and a diffusive outer surface 176 (an etched, frosted, outer surface).The module 159 may be covered with an obscuring material 176 (shown inFIG. 10), which may be expoxy material to form a block 191. For examplethe module shown in FIG. 8 may be encased in an opaque (e.g. black)encapsulant.

[0086]FIG. 9A shows schematically a sheet of glass 180 having anenergy-absorbing layer 132, e.g. painted onto the glass. The energyabsorbing layer absorbs energy from a laser drill and causes the glassto crack.

[0087]FIG. 9B shows a sheet of glass 184 associated with a photochromiclayer 186 which changes colour (permanently) when exposed to light abovea certain intensity. Alternatively, the layer 186 could be a thermallysensitive layer which changes colour when it gets too hot and/or cold.

[0088]FIG. 9C illustrates an embodiment where a tamper-evident module190 has asymmetric arrangements to either side of the electronic devicebeing protected. In this example, one sheet of glass is frosted and theother is not.

[0089]FIG. 9C also shows another feature which can be used with otherembodiments. The encapsulant material which contacts the thin sheet andthe PCB could have particles 192 or other inclusions (e.g. fibres,bodies, powders etc) which are intended to reduce the effectiveness oflaser drill attack, or to provide a tell-tale that an attack has takenplace.

[0090] The particles 192 may comprise reflective particles, or particleswhich absorb energy at the expected wavelength of laser attack, orphotosensitive or thermally sensitive particles which undergo adetectable change when they are illuminated by a laser or heated by alaser. The encapsulant may have more than one type of particledistributed in it.

[0091] As an alternative to glass which breaks when it gets hot/stressesare introduced, the thin sheet could melt/become plastic. It could bemade of a plastics polymer material (preferably with a chemicalsignature) that is difficult to reproduce. The thin sheet could have afrangible layer and a non-frangible layer, breaking of the frangiblelayer being evident due to fringe interference effects between the twolayers due to the broken layer moving away from the unbroken layerslightly. For example, there could be a frangible layer with a plasticsbacking film.

[0092]FIG. 11 shows a way of producing tamper-evident electronicmodules, and apparatus for manufacturing them.

[0093] To produce the module 159 of FIGS. 8 and 10 the sheets 164, 166,168, 172, and the PCB 160 are held in place with their relativepositions established and the epoxy polymer material 162 and 176 (whichcomprises the same black epoxy) is injected between the PCB 160 and theglass plates, and around the glass plates to form the internalencapsulant 162 and the external encapsulant 176. The expoxy then sets.

[0094]FIG. 11 shows schematically a manufacturing apparatus 199comprising positioning rig 200, expoxy dispense nozzles 202, an epoxydispense system 204, a positioning rig control system 206, and a controlprocessor 208. The control processor controls the movement and operationof the positioning rig 200 and the epoxy dispense system 204. Mouldwalls 210 are used to define the outer surfaces of the block 191 of FIG.10.

[0095] It may be necessary to form the module 159 of FIG. 8 first,before encapsulating that module with epoxy to create the block 191 ofFIG. 10.

[0096] When forming the module 159 there may be tamper-evident sheetsupport surfaces, or plates, provided to support the tamper-evidentsheet (e.g. thin glass sheet) laterally as the epoxy or otherencapsulant is introduced between the electronic component and thetamper-evident sheet. The support surface and the tamper-evident sheetmay be in face-to-face contact as the encapsulant isinjected/introduced. This enables thinner sheets of glass or othertamper-evident material to be used than would otherwise be the casesince they do not have to withstand the lateral forces applied by theencapsulant unaided. The support surfaces may remain in contact with theface of the tamper-evident sheet whilst the epoxy/encapsulant beneaththe sheet cures (this can also cause stress/strain in the sheet). Thetemperature of the module 159 and the support surfaces may be controlledduring cooling of the encapsulant, for example to avoid too-rapidcooling which may put too great a strain on the thin tamper-evidentsheet: in order to avoid thermal shock from breaking the tamper-evidentsheet.

[0097] The dispense nozzles 202 may be movable. There may be somedispense nozzles which are used to form the module 159, and some thatare used to introduce the material of the encapsulant 176.

[0098]FIG. 11 shows a possible advantageous feature. One or more of thesheets is 164 to 170 may have a through hole or holes 212 extendingthrough them which allow epoxy under pressure to pass through (e.g. frombetween the PCB 160 and the plate 164 to the outside of the plate 164).This may help to key the glass plate to the body of epoxy that isbeneath it. It also alleviates the need to be too precise in the amountof epoxy that is pumped in, and the flow rate of epoxy, since thehole(s) effectively provide an overflow escape route for excess epoxy.FIG. 11 shows schematically at 214 such flowed-through epoxy whicheffectively become patches of epoxy on the outer side of the glasssheets. Walls 210 may have such epoxy-escape channels.

[0099] Alternatively another excess epoxy escape channel mechanism maybe provided to remove the need to control the volume and rheologicalproperties of the epoxy too closely.

[0100] The glass plates may be held relatively imprecisely in position,possibly with a degree of movement in their position. This may be usedto accommodate encapsulant-injection problems.

[0101] It will be appreciated that the PCB may be exposed to conditionsbefore its in-situ use in an electronic device, when the electronicdevice is itself in its final phase of use, which would be outside ofthe parameters set for triggering an attack alarm. For example if adevice is left in an unheated warehouse it could get as cold as −20° C.,and a device may be vibrated and re-orientated during transport. Forthis reason the PCB, or the PIC chip, could have an activation triggerwhich can be activated when the device is ready for use, after unusualinstallation conditions have already occurred.

[0102] It will also be appreciated that one business model for using theinvention is that a Trusted Organisation (someone who is likely to bebelieved) may allow a customer, person or company to take possession ofone of their Trusted Clock Modules on condition that they do not tamperwith it, and the customer uses the Trusted Clock Module to timestampdocuments. Periodically (e.g. once every year or every 6 months) theTrusted Organisation may inspect the Trusted Clock Module for signs oftampering and if no sign is found the data or documents timestamped bythat Trusted Clock Module in the foregoing period can be trusted to havethe correct timestamp. If the Trusted Clock Module is found to have asign consistnt with tampering then the timestamps that it has made sinceit was last checked may be suspect. Some action may be taken against acustomer who has permitted their module to be tampered with, or somewarning given to them.

[0103] Of course, the Trusted Clock Module could be inspected orinvestigated for signs of tampering at any time: it is not necessary towait for the predetermined pre-planned inspection times. Indeed, theremay be no pre-scheduled inspection timetable: the module could simply bechecked for tampering by a Trusted Person/the Trusted Organisation upondemand.

[0104] It will also be appreciated that a network, such as a LAN or WAN,could share a Trusted Clock Module without needing Internet access toit.

[0105]FIG. 12A shows schematically an untampered PCI card, and FIG. 12Bshows a PCI card in accordance with the invention after a laser drillhas been used on it. The cracks in the sheet glass of the card of FIG.12B are clearly, and immediately readily, visible.

[0106] It will be appreciated that the frangible sheet material shouldbe as frangible as practicable, so long as it can withstand themanufacturing process for the module. In the case of a sheet of glass,this means that it should be as thin as possible, consistent with beinghandleable and consistent with it being possible to fabricate themodules without breaking it.

What is claimed is:
 1. A tamper-evident electronic module comprising anelectronic component embedded in an encapsulant material and at leastone thin sheet of frangible material contacting and overlying saidencapsulant material and overlying said component, said sheet beingsufficiently thin that it is likely to crack or break if an attempt ismade to drill or cut through it with a laser drill.
 2. A moduleaccording to claim 1 wherein said frangible material comprises a sheetof glass.
 3. A module according to claim 1 wherein said encapsulantcomprises an epoxy polymer material.
 4. A module according to claim 1wherein said encapsulant material comprises an epoxy polymer materialand said frangible material comprises a sheet of glass no thicker thanabout {fraction (1/10)} of an inch.
 5. A module according to claim 4wherein said sheet is no thicker than about {fraction (1/20)} of aninch.
 6. A module according to claim 4 wherein said sheet is about{fraction (3/100)} of an inch thick, or less.
 7. A module according toclaim 1 wherein said sheet has a diffusive layer adapted in use todiffuse a laser beam so as to reduce the energy intensity of the lightwhich passes through said sheet.
 8. A module according to claim 7wherein said diffusive layer of said sheet comprises an etched surfaceof said sheet.
 9. A module according to claim 1 wherein said sheet has areflective layer adapted in use to reflect at least a substantial partof the light of an incident laser beam.
 10. A module according to claim1 wherein said sheet has both a reflective layer adapted in use toreflect at least a substantial part of the light of an incident laserbeam and a diffusive layer adapted in use to diffuse an incident laserbeam so as to reduce the energy intensity of a beam which passes thediffusive layer, said reflective layer being disposed between saidencapsulant material and said diffusive layer.
 11. A module according toclaim 1 wherein said encapsulant is sandwiched between two spaced apartsaid frangible sheets.
 12. A module according to claim 1 wherein saidcomponent comprises one of: (i) a timestamping clock adapted totimestamp data, or (ii) a PCB having a timestamping clock, adapted totimestamp data, said module comprising a timestamping module.
 13. Amodule according to claim 1 wherein the or each frangible sheetcomprises a single sheet separated from any other frangible sheet andwherein at least one electronic tamper-evident or tamper-resistantelectromagnetic element is provided in said encapsulant material betweensaid sheet and said electronic component.
 14. A module according toclaim 1 wherein said encapsulant containing said electronic component issandwiched between an upper and a lower spaced apart sheets of glasswith said encapsulant being in face to face contact with an inner faceof each said sheet of glass, and wherein at least one tamper-evidentelectronic element is provided in said encapsulant material between saidupper sheet and said electronic component and at least anothertamper-evident electronic element is provided in said encapsulantmaterial between said lower sheet and said electronic component.
 15. Amodule according to claim 14 wherein said upper and lower sheets ofglass are covered by a protective obscurant.
 16. A tamper-evidenttimestamping module comprising a trusted clock embedded in anencapsulant matrix sandwiched between two frangible sheets of frangiblematerial, said sheets being sufficiently thin that they are likely tocrack or break if an attempt is made to drill or cut through them with alaser drill.
 17. A module according to claim 16 which comprises a PCIcard.
 18. A module according to claim 16 wherein said encapsulantmaterial includes chemical signature molecules.
 19. A module accordingto claim 16 wherein said sheets are themselves encapsulated inencapsulant material.
 20. A method of detecting that an attempt tocompromise an electronic component has been made comprising protectingthe electronic component with a thin sheet of frangible material, thesheet being sufficiently thin that it cracks or breaks if an attempt todrill through it or cut through it is made.
 21. A method according toclaim 20 comprising using a thin sheet of glass to indicate tampering.22. A method according to claim 21 comprising using glass that is thinenough and stressed enough to shatter if it is stressed beyond apermissible level.
 23. A method according to claim 20 comprising using adiffusive material to protect the component from a laser beam, thediffusive material in use diverging a laser beam so as to reduce thespatial energy intensity.
 24. A method according to claim 23 comprisingtreating said sheet so as to cause it to be diffusive, said treatmentbeing from the list: etching, grinding, roughening.
 25. A methodaccording to claim 20 comprising using a reflective surface to protectthe electronic component from a laser beam attack.
 26. A methodaccording to claim 25 comprising coating the frangible sheet withreflective material.
 27. A method according to claim 20 comprisingcoating one surface of a sheet of glass with a reflective material andtreating the other surface of said sheet of glass so as to form adiffusive surface.
 28. A method of providing a trusted data output froma trusted electronic component, the method comprising: providing atamper-evident electronic module in accordance with claim 1 and checkingthat said module has not been tampered with, the data output from saidmodule during the period when the module has not been tampered withcomprising trusted data.
 29. A method of timestamping a document or databy using a trusted clock retained within a tamper-evident electronicmodule comprising an electronic component embedded in an encapsulantmaterial and at least one thin sheet of frangible material contactingand overlapping said encapsulant material and overlaying said componentwherein said sheet is sufficiently thin that it is likely to crack orbreak if an attempt is made to drill or cut through it with a laserdrill, such that a document or data provided to the trusted clock istimestamped by the trusted clock
 30. A method of manufacturing atamper-evident electronic module comprising the steps of taking anelectronic component and at least one sheet of frangible material thatis sufficiently thin that it is likely to crack or break if an attemptis made to drill or cut through it with a laser drill when said moduleis made, and encapsulating said component and said sheet in encapsulantmaterial.
 31. The method of claim 30 wherein said encapsulant is a darkcolour and the method includes the step of obscuring from view saidsheet with encapsulant.
 32. The method of claims 30 comprisingimprecisely positioning said sheet and said component relative to eachother so that modules produced by said method are not identical, therelative position of said sheet and said component having a degree ofvariability.
 33. The method of claim 30 comprising introducing animprecisely controlled amount of encapsulant between at least one of (i)the space between said component and said sheet, (ii) the space betweensaid component and a module-surface defining wall.
 34. The method ofclaim 33 comprising providing flow passageways from at least one of: (i)said space between said component and said sheet; (ii) said spacebetween said sheet and said module-surface defining mould wall, suchthat fluid encapsulant can flow from the space (i) and/or (ii) duringthe encapsulation.
 35. The method of claim 34 comprising having saidsheet have at least one or hole or through passage provided in it.
 36. Asheet of frangible material for use in providing tamper-evidence and/ortamper-resistance, said sheet having a diffusive layer adapted in use todiffuse a laser beam, and also a reflective layer adapted in use toreflect a laser beam.
 37. A sheet according to claim 36 comprising asheet of glass having a thickness if not more than about {fraction(5/100)} inch and having an etched surface comprising said diffusivelayer, and a metallised surface comprising said reflective layer.